I received all of the e-mails when I slept. I rushed to check the account and discovered that all my holdings were gone. More specifically, they were sold on low-liquid markets at the rates substantially lower than the market ones.https://monosnap.com/file/ZF2LuWlV5rbwsO6FycUu4mea9ByL2f

In no time I turned to the support of the Exchange and informed about the incident. I wrote about this situation on Reddit and in the public Telegram group of the Exchange. Naturally, the first reaction that I experienced from the community was humiliation and accusations of stupidity. Many called me a dumb fool because I stored funds on the Exchange and so on. No need to point out how I kept the funds. I have what I have now. So on a weekly basis, the Exchange shares the trading fees with the holders of its tokens. The profit is distributed among token holders proportionally to the number of tokens they possess. That's why I decided to keep my tokens with COSS exchange.

The Exchange claims that the hacker had my password. Of course, the most natural and the easiest thing is to accuse the user of being responsible for the accident. But I can assure you that it is far from being the case. I have been in this industry since the end of 2011, and I do know how to generate and store wallets, passwords etc. I neither use Android smartphones, nor computers with Windows OS. I do not use SMS 2FA. I am meticulous and do not do bullshit. What if it was some internal job? Or users data base leaked? Ok, let's assume that I happened to become a victim/target of a hacker, who somehow managed to access my login and password (what I doubt A LOT). However, I had a 2FA verification installed for this occasion.https://monosnap.com/file/79XrZrCLUTYWyjqRbWpMdbw5sGEi0V

It was designed exactly for the situations like the one I described above. 2FA enables to keep the funds safe even if the password/login was compromised. Recently I received a report from COSS compliance, in which they admitted that the brute force attack took place. After 25,000 trials the attack was successfully completed.https://monosnap.com/file/va2jo4vKoY8BMpCiqVr2lp7AGT8AvO

How come? How would the hacker have accessed the funds if the Exchange had not allowed to perform the brute force attack? Even if it was me who had compromised the password in some magic way, 2FA had to serve the last stand. The hacker managed to brute force it using Exchange’s vulnerability and the Exchange has not stopped the brute force attack. Remember, there were 25,000 trialshttps://monosnap.com/file/w1OOclQrPSuJFY4GzSpHCHABipfgKa

If I had additional time, I would manage to respond and prevent the hack. Even if there was my fault, but only 50%, the other half is that exchange gave the opportunity to the hacker to brute force 2FA. In this regard, I publicly call the COSS Exchange to refund me at least 50% of my account's balance.

The Exchange should bear the sole responsibility for the accident if its internal vulnerability allowed the hacker to accomplish his/her brute force attack.

If it would be possible to bypass 2FA protection with a brute force attack, every exchange/platform, as well as 2FA providers (generally Google), would be brought into disrepute and would face severe claims from their users. Basically, the whole industry would become a mess. If the case, exchanges/platforms would suffer multi-billion dollar losses, in particular, translating into even more significant losses for the industry as a whole.

No matter what decision COSS exchange will take I call other exchanges to add an extra security feature to protect user’s funds. TRADING PASSWORD. This will prevent anybody to sell user’s assets on the low liquidity markets for cents even if the password was compromised and exchange grants brute force attacks.

I’m not promoting anybody, just facts:

Bitfinex doesn’t have itBinance doesn’t have itPoloniex doesn’t have it

A month ago Binacne blocked my old, active account that was 3d level verified and full of 1.2K BTC.

The account was created and used for arbitrage on cryptocurrency markets and everything was good for a long time before Binance decided to block it.

Since then I’ve had a long conversation with their representative where I provided all my documents (even more that it was necessary), passed video verification and fund verification as well.

During our conversation they changed the reason for blocking my account a few times and as a conclusion it’s still blocked.

The first reason was “security” the last one was “law enforcement” which they don’t want to connect me directly with. And you know what, I don’t believe them at all.

I make deposits from and make withdrawals exclusively to other well recognized exchanges from Top-10 exchanges.

I haven’t made withdrawals to any new addresses for last month. All withdrawals were from addresses that I used before for as long as several months. Why have you just now blocked my account?

All my withdrawals can be traced to well-known cold wallets of respectable exchanges (all were in top 10, according to CMC).

The hackers don’t do any arbitrage.

It's strictly prohibited to tell anyone that reason of blocked account is law enforcement (in case it's real reason, not like in my case). If it's really law enforcement they will connect you directly without any 3d party.

My accounts on other exchanges are active, so, I’m just wondering for what reasons is Binance holding my money with no rules or reasons for it?

I just kindly ask the official Binance representative to let me know that an investigtion about the account has beed started.

u/Binance How long does it take to finally solve the issue with my account as they’ve had all the documents and information for more than a month?

Is there anyone who’s faced the same situation? What kind of actions should I take against Binance to get my funds back?

You bought a Pizza for 10,000 BTC? You lost big in a collapsed exchange? You sold a shitcoin with loss to see how it exploded the next day? You missed 1000+1 occasions? You sold your retirement money for the biggest cryptoscam in history?
You are not alone! Share your story and find relief from your fellow cryptosobbers! Found stories are also fine.